U.S. and U.K. Collaborate to Stop LockBit Ransomware Group

The U.S. Department of Justice, in collaboration with the United Kingdom and international law enforcement partners, has declared a successful disruption of the notorious LockBit ransomware group. LockBit, a major player in the cybercrime, known for its relentless targeting of over 2,000 victims globally. The group accumulated staggering ransom payments exceeding $120 million and issued demands totaling hundreds of millions of dollars. This collaborative operation engaged the U.K. National Crime Agency’s Cyber Division, working closely with the U.S. Department of Justice, the Federal Bureau of Investigation (FBI), and other international law enforcement agencies. The strategic measures employed in this operation aimed at dismantling LockBit’s operations involved the seizure of various public-facing websites and the takeover of servers utilized by LockBit administrators. These actions effectively disrupted the group’s capacity to execute attacks, encrypt networks, and extort victims by threatening to disclose stolen data.  

Attorney General Merrick B. Garland emphasized the threat of this operation, stating, “For years, LockBit associates have deployed these kinds of attacks again and again across the United States and around the world. Today, U.S. and U.K. law enforcement are taking away the keys to their criminal operation.” Attorney General Garland further disclosed that the Justice Department has obtained decryption keys from the seized LockBit infrastructure to facilitate victims in recovering their systems and data. The U.K. National Crime Agency, in coordination with the FBI and global law enforcement partners, has developed decryption capabilities in response to these attacks. This initiative is designed to help hundreds of victims worldwide in restoring systems encrypted by the LockBit ransomware. Victims are urged to contact the FBI through the provided online portal to assess the feasibility of successfully decrypting affected systems.  

The Department of Justice revealed an indictment in the District of New Jersey alongside this successful disruption, charging Russian nationals Artur Sungatov and Ivan Kondratyev, also known as Bassterlord, with deploying LockBit against numerous victims. These victims include businesses in manufacturing and other industries in the United States and globally. The Department of Justice also unsealed search warrants authorizing the FBI to disrupt U.S.-based servers used by LockBit members, demonstrating the commitment to holding cybercriminals accountable. FBI Director Christopher A. Wray lauded the success of the operation, stating, “Today’s actions are another down payment on our pledge to continue dismantling the ecosystem fueling cybercrime by prioritizing disruptions and placing victims first.” Director Wray emphasized the FBI’s unwavering dedication to defending the nation’s cybersecurity and national security.  

The unsealed indictment outlines the involvement of Sungatov and Kondratyev in deploying LockBit ransomware against victims, involving various industries and geographic locations. The charges include the deployment of ransomware against victims located in multiple states and countries. This latest operation contributes to a series of law enforcement actions against LockBit, showcasing an enduring commitment to combating ransomware and cyber threats. With a total of five LockBit members now facing charges, the Justice Department, in collaboration with international partners, remains committed in identifying, disrupting, and holding cybercriminals accountable for their actions. The investigation into LockBit’s activities will persist, with a dedicated focus on bringing all responsible individuals, from developers to affiliates, to justice.